According to Tod Beardlsey, an engineer at security firm Rapid7, versions of Android WebView, a key component of the Android browser that apps use to render webpages, are insecure. (Rapid7’s Metaspoit product catalogs 11 vulnerabilities in Android WebView.) Making things worse, Google has apparently stopped patching the component for older phones — and if you report a vulnerability, Google won’t listen unless you provide a patch yourself.

Beardlsey says that Android’s massive deployment means that “any new bug discovered in ‘legacy’ Android is going to last as a mass-market exploit vector for a long, long time.” It’s as if Microsoft stopped patching Windows XP and Internet Explorer in 2007.

The affected version of Android WebView was ditched in Android 4.4 for a more modern version. The only phones affected are running Android 4.3 and below — so most Americans with recent Android devices are in the clear.

Still, a lot of phones run an older version of Android. According to Google’s own statistics from January 2015, nearly 46 percent of Android devices are running a version of Jelly Bean, which saw its final release in October 2013. Fourteen percent of devices are running on an even older version of Android.

Why would Google stop patching a key part of hundreds of millions of devices? One hint is in the security email sent to Beardlsey from security@android.com:

Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

Google doesn’t have complete control over its operating system updates, and even if it were to issue patches for older devices, device makers and carriers would get to decide whether they’d devote the resources to implementing the fix to push it out to customers.

These issues are a main reason why in recent years, [company]Google[/company] has been moving more and more of its contribution to Android into Google Play Services. Google controls when Google Play Services updates, and in many ways, it makes the specific version of Android your phone is running irrelevant.

In fact, in June, Google announced that Google Play Services can deliver security updates, and about 93 percent of Android devices are on the latest version. So although Google might not be able to patch older open-source components — like Android WebView — of Android on certain older devices, it’s likely Mountain View will be able to push security updates on current devices until the end of their lives. Security is a big reason the Android One program promises two years of updates for cheap phones.

It might not be any comfort to people sticking with phones running Jelly Bean, but Android WebView is no longer baked into the Android operating system. Phones running a recent version of Android usually automatically update the Android WebView component directly from Google Play.

]]>http://gigaom.com/2015/01/12/google-stopped-patching-old-android-exploits-but-dont-panic/feed/5HP announces a 14-inch Android laptop and a new Chromebookhttp://gigaom.com/2014/06/02/hp-announces-a-14-inch-android-laptop-and-two-new-chromebooks/
http://gigaom.com/2014/06/02/hp-announces-a-14-inch-android-laptop-and-two-new-chromebooks/#commentsMon, 02 Jun 2014 14:40:52 +0000http://gigaom.com/?p=846179A previous version of this article stated that HP launched two new Chromebooks, including a 14-inch model. There is no 14-inch HP Chromebook with a Samsung processor.

Back in April, a notebook-style computer running Google(s goog) Android software was spotted on the HP(s hpq) site. Although the post was quickly taken down, this weekend HP officially announced the SlateBook, a 14-inch Android laptop with a 1920 x 1080 screen.

Its specs aren’t that different from a lot of Chromebooks: 2GB of RAM, up to 64GB of storage, and a Tegra 4 mobile processor. The SlateBook is covered in useful ports, including USB 3.0 and HDMI out options. There are devices with less heft than its 3.75 pounds, but that’s an understandable tradeoff in light of the 14-inch 1080p touchscreen. The HP Slatebook PC runs Android 4.3 — which isn’t the latest version, and is a sign that this machine may not get the speediest Android updates.

It’s not a convertible laptop; there is no way to remove the screen from the keyboard and use it as a tablet. But at $430, the SlateBook is a unique option in the low-end laptop market. The use of Android as a laptop operating system is interesting, and it must be a Google-approved experiment as it will have full Google Play support, so it can tap into hundreds of thousands of Android apps. That includes games, which aren’t available on a Chromebook, Google’s preferred operating system for cheap notebooks.

Two immediate questions that come with the usual form factor are how well the device handle portrait apps — will it display black bars on both sides? — and how the trackpad will be integrated into the touch-based operating system. According to an HP spokesperson, software is included to “make portrait apps display correctly on the landscape screen.” There will also be a number of apps that won’t support the trackpad, but users can still use the touchscreen.

HP also announced a new 11-inch Chromebook starting at $250. The 11-inch model has been redesigned to look more like last year’s 14-inch model, and unfortunately won’t have the same vivid IPS screen as its predecessor. HP’s Chromebook comes with 2GB of RAM, the standard 16GB of storage, and it’s powered by a Samsung Exynos processor. Eventually it will have an option available to add built-in cellular connectivity.

The Chromebook will go on sale in July and the SlateBook will be released on July 20.

]]>http://gigaom.com/2014/06/02/hp-announces-a-14-inch-android-laptop-and-two-new-chromebooks/feed/10Android KitKat uptake slower than Jelly Bean, North American web traffic suggestshttp://gigaom.com/2014/04/11/android-kitkat-uptake-slower-than-jelly-bean-suggests-north-american-web-traffic/
http://gigaom.com/2014/04/11/android-kitkat-uptake-slower-than-jelly-bean-suggests-north-american-web-traffic/#commentsFri, 11 Apr 2014 15:18:13 +0000http://gigaom.com/?p=833749In October, Google revamped Android with the KitKat version, but few devices run the newest software yet. In fact, web traffic data in North America suggests the update for KitKat is even slower than it was for the prior version of Android, Jelly Bean.

Chitika’s data is taken from websites in the U.S. and Canada that use the company’s ad platform, so this information isn’t an exact detailing of the entire market. However, Chitika’s data pool is large; this report was captured from tens of millions of ad impressions using Chitika’s network between March 31 and April 6.

In terms of device types, the data suggests that both Android(s goog) phones and tablets are getting updated or sold with KitKat at the same pace. Handsets running Android 4.4 accounted for 10 percent of measured web traffic in the study, while 10.6 percent of tablets used KitKat during the measurement period.

I was a little surprised by the data, given that we saw some software updates available for Android 4.4 recently. Motorola has generally led the way, offering KitKat for both its Moto X and Moto G handsets as early as November. At this point, the four major U.S. carriers have all pushed KitKat to the Moto X. But one phone doesn’t make for a whole market, meaning there are plenty of devices from Samsung, HTC, LG and others that are still running Android 4.3 or older.

Is this a huge issue or challenge for Google? Not any more so than the company has faced with prior versions. From a consumer standpoint, there won’t be much of a front-facing difference if devices are running Android 4.3 or Android 4.4. Developer frustration, however, could be a factor. Why create or evolve apps with some of the newest features available in KitKat when millions of devices can’t yet use them?

]]>http://gigaom.com/2014/04/11/android-kitkat-uptake-slower-than-jelly-bean-suggests-north-american-web-traffic/feed/7Early look at Android 4.3 on Galaxy S 4: Reading Mode and better color reproductionhttp://gigaom.com/2013/10/02/early-look-at-android-4-3-on-galaxy-s-4-reading-mode-and-better-color-reproduction/
http://gigaom.com/2013/10/02/early-look-at-android-4-3-on-galaxy-s-4-reading-mode-and-better-color-reproduction/#commentsWed, 02 Oct 2013 15:05:29 +0000http://gigaom.com/?p=700173The Samsung Galaxy S 4 hasn’t received its Android(s goog) 4.3 update yet, however, that hasn’t stopped some from getting an early peek at the software. SamMobile has a reported test build of the update that’s described as very stable, indicating Android 4.3 is coming soon to the Galaxy S 4 smartphone.

Aside from the latest Google bits, what else can you expect? Some keyboard modifications, Samsung Wallet as a default application, and a new Reading Mode to optimize text on certain applications — likely Samsung’s own. Take a look at this quick walkthrough to see what else is coming in Android 4.

One of the more interesting functions is an improvement to the device’s color reproduction; something that device owners will appreciate as many find Samsung’s mobile displays to be a little oversaturated for their taste.

If you want to try the test build on your own Galaxy S 4, SamMobile has the files available. Just be warned that it’s not an official release from Samsung so you’re own on your own for support if something goes wrong.

]]>http://gigaom.com/2013/10/02/early-look-at-android-4-3-on-galaxy-s-4-reading-mode-and-better-color-reproduction/feed/4Jelly Bean now runs on 40 percent of Google Android deviceshttp://gigaom.com/2013/08/02/jelly-bean-now-runs-on-40-percent-of-google-android-devices/
http://gigaom.com/2013/08/02/jelly-bean-now-runs-on-40-percent-of-google-android-devices/#commentsFri, 02 Aug 2013 15:57:24 +0000http://gigaom.com/?p=675172Another month means another 30 days of Android(s goog) phones being sold with or getting updated to Android Jelly Bean software. Google’s data for the month ending July 31 says that 40.5 percent of Android devices are running Android 4.1 or better, which helps developers target their apps for this subset of devices.

Helping to get devices off of Gingerbread, or Android 2.3, is a number of new phones that come with Jelly Bean pre-installed. Handset makers have also been pushing out software updates to devices of late as Google has slowed down the pace of change with Android.

Instead of major new Android revisions, Google has added new features, software APIs and functions available through Google services. That allows a wider range of devices to improve without requiring consumers to run newer versions of Android. It’s a smart play by Google and is surely helping to reduce issues caused by multiple Android versions for smartphones and tablets.

At this rate, I expect Jelly Bean will be on 50 percent or more devices within 3 months. At that point, things get interesting again as Google is expected to introduce Android 5.0, or Key Lime Pie, later this year.

]]>http://gigaom.com/2013/08/02/jelly-bean-now-runs-on-40-percent-of-google-android-devices/feed/2Gingerbread finally gets stale for Android as Jelly Bean is now most usedhttp://gigaom.com/2013/07/09/gingerbread-finally-gets-stale-for-android-as-jelly-bean-is-now-most-used/
http://gigaom.com/2013/07/09/gingerbread-finally-gets-stale-for-android-as-jelly-bean-is-now-most-used/#commentsTue, 09 Jul 2013 13:54:10 +0000http://gigaom.com/?p=665296It took 13 months after the launch of Android 4.1, also known as Jelly Bean, but the software version is now the most used on Android devices according to Google(s goog). The company shares the version data on a monthly basis so that developers can better understand their target audience for apps. And for the better part of three years, more Android phones and tablets have been running the older Android 2.3 software, known as Gingerbread.

Surely part of this transition from the older to the more modern Android software has been helped by phone upgrades. Here in the U.S., where phones are generally purchased with two-year contracts, consumers upgrade their hardware every 20 to 24 months in tandem with their carrier commitment. As hardware has quickly improved, more newer phones at various price points are capable of running Android 4.2.

Google has also helped itself move the Android world to Jelly Bean both by slowing down the visual changes of the user interface while at the same time adding features that could drive consumer demand for the latest software. Google Now is a particular example, as it runs on Android 4.1 or better devices only. Google’s answer to Apple’s(s aapl) Siri assistant can provide useful information before users even ask by remembering web searches and sifting through email.

With 34.1 percent of Android devices still using Android 2.3, the transition to a modern version of Android is far from complete. But with 37.9 percent of Androids now running Jelly Bean, Google is over the hump. That’s good and just in time too: Android 4.3, likely another sub-version of Jelly Bean, is expected to launch soon.

]]>http://gigaom.com/2013/07/09/gingerbread-finally-gets-stale-for-android-as-jelly-bean-is-now-most-used/feed/1Right on cue: 54.3 percent of Androids run Ice Cream Sandwich or Jelly Bean softwarehttp://gigaom.com/2013/04/02/right-on-cue-54-3-percent-running-ice-cream-sandwich-or-jelly-bean-software/
http://gigaom.com/2013/04/02/right-on-cue-54-3-percent-running-ice-cream-sandwich-or-jelly-bean-software/#commentsWed, 03 Apr 2013 00:54:50 +0000http://gigaom.com/?p=626851More than half of all Android(s goog) devices tracked by Google are finally running Android 4.0 software or better. The company posted an update on Google+ as well as its dashboard that helps developers target certain device types for their apps. Based on the most recent period of tracking, 54.3 percent of Android devices hitting the Google Play store run either the Ice Cream Sandwich or Jelly Bean variants of Android software.

Google did make a slight change in how it tracks and counts such information, however. Per the company’s Google+ post:

We’ve updated the way we calculate our device dashboards to make them even more useful, and have also updated the data on screen distribution. Note that as a result of these adjustments, some slices in the pie charts have changed more than usual.

The new device dashboards are based on the devices of users who visit the Google Play Store (rather than devices that have checked-in to Google servers). As a result, the dashboards more accurately reflect the users most engaged in the Android and Google Play ecosystem—and thus most likely to download and use your apps.

This change makes sense from a developer’s standpoint: Instead of counting devices that “check in” — something that could be a simple as signing in or syncing through a Google service — devices that actually visit the Google Play store are counted. Those are the ones that developers are interested in, of course.

Since Android 4.0 was introduced in late 2011, it also makes sense for developers to be focused on writing software that supports Android 4.0 or better. I’m not saying Android 2.3 devices shouldn’t be supported any longer — they still account for 39.8 percent of all Androids — but they’re older devices that are more likely to be upgraded soon through a new hardware purchase. Developers will get the most bang for their buck by targeting Ice Cream Sandwich and Jelly Bean devices.

]]>http://gigaom.com/2013/04/02/right-on-cue-54-3-percent-running-ice-cream-sandwich-or-jelly-bean-software/feed/4Finally! More devices using Android 4 than older versionshttp://gigaom.com/2013/03/06/finally-more-devices-using-android-4-than-older-versions/
http://gigaom.com/2013/03/06/finally-more-devices-using-android-4-than-older-versions/#commentsWed, 06 Mar 2013 19:33:03 +0000http://gigaom.com/?p=617387It has taken since the introduction of Android 4.0 in Dec. 2011 until now, but there are finally more devices running Android 4.0 or better software than those that run older versions of Google’s(s goog) platform. On its Android Developer Dashboard, Google notes that 45.1 percent of Androids hitting the Google Play store of late use Android 4.0 or better. That compares to the 44.2 percent that still use Android 2.3 Gingerbread software.

The uptake of Android 4.0 and its sub-versions of late has been quick. In October, I saw that 1 in 4 devices visiting Google Play used Android 4.0 or better. At that time, I suggested that we’d see half of all Androids use recent versions of software within four to six months. We’re not at the halfway mark yet, but it’s only been four months. With the acceleration of phones and tablets running newer software, I won’t be surprised to see us reaching the tipping point next month.

Hardware makers have also “caught” up to the software changes. Even after Android 4.0 arrived in late 2011, it took a good six months for phones to ship with a recent version of Android. By and large many of these now ship with Android 4.1 and not Android 4.2, but the differences between the versions aren’t that great. If the average consumer were to compare an Android 4.1 phone to one with Android 4.2, it’s safe to say they’d be hard pressed to tell the two apart.

The feature differences brought by distributed Android software updates has been a key target for iOS users when looking to criticize Android. These points have definitely had merit; particularly early on in Android’s life-cycle. But I’d argue that Google’s issue has largely diminished and it’s really not that different on iOS(s aapl); it’s just handled differently.

Some iOS features found in software aren’t applicable to older devices and yet, these are reported as having the same version of iOS as devices that can use the new features. The last three iPad models Apple has produced can run iOS 6, which includes Siri, for example, but only Apple’s third- and fourth generation iPad’s can actually use Siri; different code is actually pushed by Apple to different devices, yet all have the same public version number.

Regardless of which platform you use, this should help Android developers target more devices for mobile apps. And they shouldn’t have to worry as much about version numbers or supported API levels as more Androids run newer versions of the platform.

This story was updated at 2:18 pm to correct the point about iOS 6 compatibility with iPads. Originally, the post incorrectly stated that all iPads can run it.

The Optimus Pro G goes on sale this week in South Korea, carrying Android “Jelly Bean” 4.1.2. According to a release in Korean, it will then make its way to North America and Japan in the second quarter of this year. An LG spokeswoman in London was unable to confirm European availability plans.

So, what are we looking at? Size-wise, the Optimus Pro G is an ever-so-slightly smaller rival to the Samsung Galaxy Note 2 — same thickness and screen size, but 0.9mm narrower and a good 4.4mm shorter. However, LG has made the jump to full HD: with a resolution of 1920 x 1080 pixels, the Pro G has a pixel density of 400ppi, versus the Note 2’s 267ppi. It lack’s the Note 2’s stylus, though.

Inside, the Pro G uses a 1.7GHz quad-core Qualcomm(s qcom) Snapdragon 600 chipset; a slight step up from the 1.6GHz processor in the Note 2. Incidentally, this is the first outing for the Snapdragon 600, which is a successor to last year’s Snapdragon S4 series (its twin, the sequel to the S4 Pro, will be called the Snapdragon 800).

More pixels and processing power usually mean more power-drain. On this front, LG is touting the “largest battery capacity in its class” at 3,140mAh, but that’s not really much more than the Note 2’s 3,100mAh. LG also hasn’t quoted the device’s weight yet, so it’s hard to see how that compares with the Note 2’s 183g. The Note 2 has an 8MP camera and the Pro G a 13MP affair, but, given the size of a smartphone camera’s sensor, image quality will be more down to the lens and software than the megapixel count here.

Custom tweaks include “an upgraded QSlide” (LG’s answer to Samsung’s multitasking Pop-up Play feature), QuickMemo and a feature called Virtual Reality Panorama, which looks on paper to be precisely the same as Android’s stock 360-degree Photo Sphere function. The Pro G can also record video through both front- and rear-facing camera simultaneously, and it also features wireless charging.

How does this all compare with Samsung’s largest smartphone / smallest tablet? On paper, certainly, this looks to be an improvement on the Note 2, but then again there will probably be a Note 3 this year, also capitalizing on the latest chipsets and quite probably also upping the pixel count. It certainly doesn’t look like LG has done anything particularly groundbreaking here, so the real test of the Pro G’s success or otherwise will be its as-yet-unannounced pricing.

]]>http://gigaom.com/2013/02/18/lgs-5-5-inch-optimus-pro-g-will-bring-its-full-hd-to-u-s-shores-in-second-quarter/feed/5Android this week: Galaxy Note 8.0 tipped; Note 10.1, Tab 2 updated; Optimus G Pro leakedhttp://gigaom.com/2013/01/19/android-this-week-galaxy-note-8-0-tipped-note-10-1-tab-2-updated-optimus-g-pro-leaked/
http://gigaom.com/2013/01/19/android-this-week-galaxy-note-8-0-tipped-note-10-1-tab-2-updated-optimus-g-pro-leaked/#commentsSat, 19 Jan 2013 14:00:34 +0000http://gigaom.com/?p=602745Samsung didn’t have any major new Android(s goog) devices to show at this month’s Consumer Electronics Show, but it may make up for that at February’s Mobile World Congress event. Reported specifications for a Galaxy Note 8.0 tablet appeared on the web this week, which would give Samsung a product that competes directly against Apple’s(s aapl) iPad mini.

Depending on which Samsung processor is used — that information isn’t yet available or speculated — the cost of the eight-inch tablet could undercut Apple’s small slate. That would add appeal for cost-conscious shoppers. I also think the addition of Samsung’s S-Pen and supporting software are differentiators too; something I didn’t value greatly until I used the combination on my Galaxy Note 2.

Based on the limited, and unofficial, data so far, the Note 8.0 is expected to have a 1280 x 800 Super Clear LCD screen, 2 GB of memory, and be available in both Wi-Fi and 3G models. The device will reportedly run Android 4.2 with Samsung’s TouchWiz software interface.

Both will get the performance boosts of Google’s Project Butter effort as well as improvements in the user interface and notifications. The larger of the two slates also gains Samsung’s Premium Suite, adding greater functionality for the S-Pen and multi-window support.

Among other leaks and expected devices at the MWC is LG’s Optimus Pro. A rendering and spec sheet for the device appeared on Engadget, showing a 5-inch Android Jelly Bean handset with 1080p display. Other hardware bits include a 13 megapixel rear camera, 2.4 megapixel front sensor, 2 GB of memory, 32 GB of storage and a 1.7 GHz Qualcomm(s qcom) Snapdragon S4 Pro chip for the LTE device.